Best Practices with Single Sign-On – Assess You Organization Readiness

Published: 30 July 2019
Best Practices with Single Sign-On

This checklist is designed to offer guidance to decision makers in enterprises, small and mid tier organizations, government agencies or other organizations to assess single sign-on (SSO) systems, as well for SSO developers to ensure that they have provided is equipped to detect the possibilities of exchanging identification and authentication credentials.

This checklist will provide you with:

  • The most important metrics to consider
  • Making sure that your SSO system is fully SSO enabled
  • A handy matrix form for you to see what each vendor has to offer

Checklist for Single Sign-on Systems

 

Key Metrics Does the SSO Support
Application Integration On-premises

  • On cloud
  • Hybrid
Community Support
  • Employees
  • Contractors
  • Partners/Vendors
  • Customers
End users or customers
  • Facebook
  • Google
Password Vaulting vs True SSO
  • User enters username+password to access apps/sites
  • User log-in for single time to access apps/sites
Open Standards
  • SAML
  • OpenID Connect
  • OAuth 2
  • WS-Federation
Mobile Users
  • SSO for mobile devices
  • Work with various devices with SAML and MDM vendors
  • MFA Authentication tool
Meet Security regulatory compliance
  • SOC 2 Type 2
  • ISO 27117
  • ISO 2701
  • ISO 27001
  • CSA Star
  • Truste
  • US Privacy Shield
  • Skyhigh enterprise ready
  • GDPR
  • EU Model Contract Clauses
  • NIST Cyber security framework
  • Vendor penetration, network and bug tests
Disaster Recovery Availability
  • 99.99% availability
  • Across data centers located across regions
  • Replication and redundancy across regions
High usability features
  • Single portal for apps
  • Integration with different browsers
  • Easy login process
  • Easy app access process
  • Users can reset passwords on their own
Enterprise access
  • Integrates with VPN
  • Integrates with wi-fi for app access
  • Endpoints integration with RADIUS and LDAP
Authentication
  • MFA
  • Adaptive authentication
  • Automated authentication
  • X 509 based certificates
Authorization Management
  • RBAC access
  • Provisioning and de-provisioning of user access in apps
Integration features
  • Seamless integration with in-house custom apps through API
  • Seamless deployment of SSO without disturbing existing apps
Federation
  • Existing identity providers like Microsoft Active Directory (AD)
  • Amazon AD
  • LDAP
  • Google directory
  • Human resource management systems such as Workday, Sucessfactors
Password rules
  • Setting up of password when expires
  • Set password complexity such as length, characters
  • Reduce support tickets during expiration notifications
  • MFA requirements for password resets if MFA isused
Developer Support -custom apps and third party systems
  • API support
  • SSO registration
  • SDK for major platforms and languages
  • OpenID Connect
Compliance based reporting
  • External authorization to third party SIEM solutions
  • Audit trails
User Behaviour Analytics  (UBA)
  • Allow blacklist, whitelist of geo-locations and IP’s
  • Set responses to high risk logins attempts
  • Re-authentication to access certain apps with MFA tools
Data processing model
  • Where data identity is processed and stored

Related Posts

The Ultimate Guide to CyberArk Access Management

CyberArk Access Management is helpful for organizations to secure and manage privileged accounts as well…

Tips for better passwords

Passwords like “123456” or ”abcd” are easy to remember for your online accounts, but passwords like these make your online accounts…
loader